Sun Java System Web Server WebDAV OPTIONS request buffer overflow

Added: 02/05/2010
CVE: CVE-2010-0361
BID: 37874
OSVDB: 61851


Sun Java System Web Server is a web application server. WebDAV (Web-based Distributed Authoring and Versioning) is an extension to the HTTP protocol which allows users to edit web server content.


A buffer overflow vulnerability in Sun Java System Web Server's WebDAV implementation allows remote attackers to execute arbitrary commands by sending a specially crafted OPTIONS request.


Upgrade to Sun Java System Web Server 6.1 Service Pack 12 or 7.0 Release 8 or higher.



Exploit works on Sun Java System Web Server 7.0 Update 7 on Windows Server 2003 SP2 with patch KB933729.

WebDAV support must be enabled on the target in order for the exploit to succeed, and the correct WebDAV URI must be specified.



Back to exploit index